Ulta Beauty is the largest specialty beauty retailer in the United States and the place for the true beauty enthusiast who gets butterflies as she shops for beauty and experiments throughout our store. We are the only one to provide our guests prestige, mass and salon products and services under one roof – All Things Beauty, All in One Place™. We put our guests at the center of all we do, committing to offer her unrivaled ways to be beautiful in an environment that provides the thrill of exploration and delight of discovery.

POSITION SUMMARY:

The IT Risk Assessment Analyst has responsibilities related to the Third-Party Risk Management Program and the Sarbanes Oxley (SOX) SOX Compliance Program.  The IT Risk Management Assessment Analyst is responsible for supporting the successful delivery of our Third-Party Risk Management Program and for ensuring compliance with SOX controls as they pertain to the information technology components of the company.  They work closely with key stakeholders and maintain high quality standards while operating in a highly dynamic and fast paced environment.

CORE JOB RESPONSIBILITIES:

• Business Process Improvement: Analyzes business processes; evaluates alternative solutions, assesses feasibility, and recommends new approaches, typically seeking to exploit technology components. Evaluates the financial, cultural, technological, organizational and environmental factors which must be addressed in the change program. Develops business requirements for the implementation of significant changes in organizational mission, business functions and process, organizational roles and responsibilities, and scope or nature of service delivery.
• IT Governance – Understands relevant standards and the principles embedded within them. Evaluates new business proposals and provides specialist advice on compliance issues.
• Data Analysis:  Reviews and investigates corporate data requirements, and undertakes data analysis, data modelling and quality assurance techniques, to establish, modify or maintain data structures and their associated components.
• Information Management:  Ensures that the business processes and information required to support the organization are defined and devises appropriate standards, processes and data architectures. Evaluates the impact of any relevant statutory, internal or external regulations on the organization's use of information and develops strategies for compliance.
• Problem Management: Ensures that appropriate action is taken to anticipate, investigate and resolve problems in systems and services. Ensures that such problems are fully documented within the relevant reporting system(s).  Leads the development of problem solutions. Coordinates the implementation of agreed remedies and preventative measures. Evaluates patterns and trends.
• Relationship Management: Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans.  Negotiates with stakeholders at senior levels and ensures that organizational policy and strategies are adhered to. Uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Contributes to the development and enhancement of customer and stakeholder relationships.

ADDITIONAL RESPONSIBILITIES:

• Perform Third Party technology risk assessments
• Foster a high-performance, risk-managed, compliant culture within IT by evangelizing the importance of risk managed solutions and supporting disincentives for non-compliance
• Perform day-to-day aspects including scoping, identifying and implementing key SOX controls, conducting quarterly and annual review exercises, documenting evidence and partnering with auditors, IT and business owners to complete the assessments.
• Assist in identifying and validating key controls to address IT and business risks and work with various teams to address identified deficiencies
• Assist with the education and training of process / control owners so they better understand technology control frameworks and their responsibilities
• Assist in the design of security controls, policies and procedures

Requirements

• Bachelor’s degree in a technical discipline, a related field, or applicable work experience
• 5+ years of experience in one or more risk management areas
• 5+ years of experience in an information security compliance, audit or risk management role
• Understanding of SOX Compliance requirements and IT General Controls
• Demonstrated experience in implementing and assessing SOX related standards, guidelines, and other regulatory mandates
• Experience with developing and implementing automation for controls and compliance is preferred
• Strong experience in Information Risk Management best practices
• Experience interacting with business users and vendors including vendor management
• Strong analysis/troubleshooting skills
• Technology Vendor Risk Management experience preferred
• Excellent communication skills; feels comfortable working with non-technical business partners
• Flexibility of providing support during odd hours, weekends, and peak seasons
• Minimal travel required (training/conferences)